I created an API key and left the other settings apart from run-as as default (i.e. wide open) and set run as to a user with a role that has the desired priviliges.
Will this key have the restriction of the assigned role?
I would hope yes! : )
Did you create the API key with something like the following
POST _security/api_key
{
"name": "k1",
"role_descriptors": {
"x": {
"run_as": [
"foo"
]
}
}
}
If yes, the API key will only have the privilege to run-as user foo and nothing else.
Thanks!
Ah! I should have been more explicit. I generated the key in kibana. So should cut everything except the run-as entry?
My reasoning was that if the key ran as a particular user then that would define the actual access.
That's correct
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.